Open Forum #10 Multistakeholder Governance Intl Law in Cyberspace

Summary

This discussion focused on the intersection of multi-stakeholder governance and international law in cyberspace, held as part of the Internet Governance Forum (IGF) with input toward the WSIS+20 review process. The panel explored how international law can facilitate and strengthen the multi-stakeholder model of internet governance, making it more efficient, inclusive, and predictable.

Maciej Groń from the Polish Cyber Security Agency emphasized that multi-stakeholder governance is essential rather than optional, noting that national laws are insufficient for addressing global cyber issues like illegal content. He highlighted successful international cooperation through organizations like INHOPE, which operates across 55 countries using common standards and classification schemas.

Anna Podgorska-Buompane discussed the Polish EU presidency’s priorities in digital diplomacy, including strengthening the IGF, promoting human-centric approaches, and defending an open, secure internet through multi-stakeholder governance. She outlined various initiatives, including high-level conferences and coordination among EU member states on WSIS+20 positions.

Elena Plexida from ICANN explained how multi-stakeholder governance operates in practice, describing it as actual decision-making rather than mere consultation. She emphasized that the global internet requires governance that transcends national borders, with technical communities, governments, and civil society participating on equal footing. Plexida noted that international law provides crucial legal frameworks that help technical communities develop sound policies.

Helen Popp from the European External Action Service presented the EU’s common declaration on international law in cyberspace, adopted in November 2024. This declaration establishes shared understanding among EU member states on key legal principles, including due diligence obligations, attribution of cyber operations, and the application of international humanitarian law.

Lukasz Kulaga advocated for more states to develop national positions on international law in cyberspace, explaining that such positions enhance transparency and contribute to legal interpretation. He also suggested alternative approaches for developing international law, including potential involvement of the International Court of Justice and the International Law Commission.

The discussion concluded with practical questions about breaking down silos between different technical communities and ensuring that law enforcement doesn’t circumvent international treaties. The panelists emphasized the need for continued collaboration and the importance of maintaining the multi-stakeholder model while strengthening its legal foundations through international law.

Keypoints

## Major Discussion Points:

– **Multi-stakeholder governance as essential infrastructure**: The panelists emphasized that multi-stakeholder governance is not optional but fundamental for managing global internet resources, with ICANN serving as a key example of how technical communities, governments, civil society, and other stakeholders make collective decisions about internet identifiers and standards.

– **International law as a framework for cyber governance**: Discussion centered on how international law can support and legitimize multi-stakeholder processes, with particular focus on the EU’s recent declaration on applying international law to cyberspace and the need for more countries to develop national positions on cyber law.

– **Breaking down silos between technical and policy communities**: A significant portion addressed the challenge of connecting high-level international law discussions with practical technical implementation, emphasizing the need for better coordination between different internet governance organizations and stakeholders.

– **State responsibility and due diligence in cyberspace**: The conversation explored how traditional international law concepts like state sovereignty, due diligence obligations, and attribution of cyber operations apply in the digital domain, particularly in the context of malicious cyber activities.

– **WSIS+20 and the future of internet governance**: The discussion was framed around the upcoming World Summit on the Information Society review process and how international law frameworks can strengthen and legitimize the continued use of multi-stakeholder governance models.

## Overall Purpose:

The discussion aimed to explore how international law can support and enhance multi-stakeholder internet governance, particularly in preparation for the WSIS+20 review process. The panelists sought to bridge the gap between high-level international legal frameworks and practical internet governance implementation, demonstrating how legal norms can provide stability and legitimacy to bottom-up, collaborative governance models.

## Overall Tone:

The discussion maintained a consistently professional and collaborative tone throughout. Speakers demonstrated mutual respect and built upon each other’s points constructively. The tone was academic yet practical, with panelists sharing concrete examples and actionable insights. There was an underlying sense of urgency about the importance of these issues for the future of internet governance, but the conversation remained optimistic about the potential for international law to support multi-stakeholder processes. The interaction with audience questions added a more dynamic element while maintaining the scholarly and diplomatic character of the session.

Speakers

– **Viktor Skvarek**: Remote participation moderator, managing online participation for the panel

– **Helen Popp**: Cyber policy officer with the European External Action Service, focuses on UN negotiations particularly related to the Open-Ended Working Group on cyber issues

– **Elena Plexida**: Representative of ICANN, has experience in European policymaking and policy development, facilitates cooperation between governments and the broader ICANN community

– **Lukasz Kulaga**: Professor representing the foreign ministry, academic with background in developing national positions on the application of international law in cyberspace (speaking in private capacity)

– **Anna Podgorska-Buompane**: Employee of Polish Digital Affairs Ministry, seconded to Polish permanent representation to the EU as digital and cyber attaché, chairs telecom working party during Polish presidency to the European Council, representative of Poland within the ICANN community

– **Audience**: Participant identified as Wouter Natwies, represents the dynamic coalition on the internet standards security and safety within the IGF system

– **Maciej Gron**: Representative of the Polish Cyber Security Agency, speaking on behalf of research institute NASK, deals with cyber security and works for Polish hotline, attorney at law

– **Joanna Kulesza**: Assistant professor of international law at the University of Lodz in Poland, director of research center Lodz Cyber Hub, on-site moderator for the session

**Additional speakers:**

– **Luke**: Online participant who submitted a question via chat (full name and credentials not provided)

# Multi-Stakeholder Governance and International Law in Cyberspace: A Comprehensive Discussion Report

## Executive Summary

This Internet Governance Forum (IGF) session, moderated by Joanna Kulesza, examined the intersection between multi-stakeholder governance and international law in cyberspace, with particular focus on preparations for the WSIS+20 review process. The panel brought together representatives from technical communities, government agencies, and cybersecurity practitioners to explore how international law can strengthen the multi-stakeholder model of internet governance.

The discussion revealed strong consensus among participants that multi-stakeholder governance represents an essential approach to managing global cyber challenges. Speakers emphasized that cyber threats and illegal content are inherently international problems requiring coordinated responses that transcend national borders, with international law frameworks providing necessary legal basis for effective multi-stakeholder decision-making.

## Key Participants and Their Contributions

### Technical Community Perspective

**Elena Plexida** from ICANN distinguished multi-stakeholder governance from consultation processes, emphasizing that “multi-stakeholder governance in the case of the global Internet is decision-making. You don’t just have stakeholders there who are being consulted. There’s actual decision-making.” She highlighted ICANN’s unique model where technical communities, governments, and civil society participate equally in decisions about internet identifiers.

Plexida explained how ICANN maintains “common technical language” that enables devices worldwide to communicate, noting that “I’m not aware of any other public resource, or public good, that is governed the way the fundamentals of the global Internet are governed.” She acknowledged the need for creative forum-building to coordinate between different technical organizations while operating within ICANN’s specific mission limitations.

### Government and Diplomatic Perspectives

**Helen Popp** from the European External Action Service presented the EU’s recent work on international law in cyberspace, including a declaration establishing shared understanding among member states on key legal principles. She noted that “the key challenge is to ensure that states interpret those rules by and large in the same manner,” while observing that the primary obstacle is that “too many states have thus far remained silent on this question.”

**Anna Podgorska-Buompane** from Poland’s Digital Affairs Ministry outlined her country’s EU presidency priorities, including strengthening the IGF and promoting multi-stakeholder governance. She emphasized that “internet governance and multi-stakeholder processes are the cornerstone of digital diplomacy” and described various initiatives including coordination among EU member states on WSIS+20 positions.

**Lukasz Kulaga**, representing academic perspectives on international law, advocated for more states to develop national positions on international law in cyberspace. He suggested exploring alternative mechanisms including potential involvement of the International Court of Justice and the International Law Commission, and highlighted gaps in current frameworks, particularly regarding protection of subsea data cables.

### Cybersecurity and Law Enforcement Perspective

**Maciej Groń** from the Polish Cyber Security Agency provided a practitioner’s perspective, stating emphatically that “the multi-stakeholder model is not a nice thing to have, it’s a must-have” because “even the best national laws are powerless if they are not required beyond borders.”

Groń highlighted successful international cooperation through INHOPE, which operates across 55 countries using common standards and universal classification schemas. He demonstrated how standardized approaches enable effective cross-border cooperation in addressing illegal content and cybersecurity threats.

## Areas of Strong Consensus

### Multi-Stakeholder Governance as Essential

All speakers agreed that multi-stakeholder governance represents a fundamental necessity for managing cyberspace. This consensus transcended traditional stakeholder boundaries, with technical community representatives, government officials, and cybersecurity practitioners all emphasizing collaborative governance as operationally essential rather than ideologically preferred.

### International Cooperation as Requirement

Participants unanimously agreed that cyber challenges require coordinated international responses beyond individual national approaches. Speakers emphasized that national laws alone are insufficient for addressing cross-border cyber threats, illegal content, and technical vulnerabilities affecting global internet infrastructure.

### International Law as Supporting Framework

Technical and legal experts agreed that international law frameworks provide essential legal basis for effective cyberspace governance. Speakers agreed that international law supports rather than replaces multi-stakeholder governance, providing legal foundation that enables technical communities to develop sound policies while ensuring accountability.

## Interactive Discussion and Key Questions

### Breaking Down Organizational Silos

Audience member **Wouter Natwies** posed a critical challenge about “how do we break the silos and come together to fundamentally rebuild the security of the internet together.” This intervention highlighted the gap between high-level governance discussions and practical security implementation across different technical layers and organizations.

Elena Plexida responded by acknowledging ICANN’s mission limitations while emphasizing the need for creative forum-building. She noted the importance of coordination between technical organizations while respecting existing mandates and structures.

### Preventing Government Circumvention

Online participant **Luke** asked about preventing governments from circumventing international treaties by pressuring private actors directly. Elena Plexida provided a detailed response using the Council of Europe Budapest Convention as an example, explaining how international frameworks can provide legal basis for cooperation while establishing proper procedures and safeguards.

This exchange highlighted practical challenges in implementing international legal frameworks and the importance of having established mechanisms for legitimate cross-border cooperation.

## Practical Examples and Case Studies

### INHOPE Network Success

Maciej Groń detailed how INHOPE operates across 55 countries using universal classification schemas that standardize content legality determinations across different jurisdictions. This example demonstrated practical multi-stakeholder cooperation in addressing illegal content through shared technical standards and coordinated responses.

### ICANN’s Governance Model

Elena Plexida explained how ICANN maintains global internet functionality through multi-stakeholder decision-making that ensures technical interoperability. She emphasized how this model enables equal participation by different stakeholder groups in making decisions about critical internet infrastructure.

### EU Common Positions

Helen Popp described the EU’s approach to developing shared positions on international law in cyberspace, noting that over 100 UN member states have now published positions on international law application in cyberspace, representing significant progress in building consensus.

## Implications for WSIS+20

### Strengthening Existing Structures

Speakers demonstrated preference for building upon existing governance mechanisms rather than creating new institutional structures. This approach reflects practical recognition that the internet governance ecosystem contains numerous organizations and processes that can be enhanced rather than replaced.

### Encouraging State Participation

The discussion emphasized the importance of encouraging more states to develop and publish positions on international law in cyberspace. This approach could help address concerns about legitimacy and representation while building broader consensus on fundamental principles.

### Integrating Legal Frameworks

The session highlighted opportunities for better integrating international law principles with multi-stakeholder governance processes, potentially providing enhanced predictability and legitimacy for collaborative governance mechanisms.

## Key Recommendations

### For States and International Organizations

– States should prepare national positions on international law application in cyberspace to increase transparency and contribute to legal development

– Regional organizations should continue developing common positions following the EU’s example

– Alternative mechanisms like ICJ advisory opinions should be explored when traditional dialogue reaches impasses

### For Technical Communities

– Technical organizations should explore creative forum-building approaches that coordinate across traditional silos

– Technical communities should continue engaging with international law development to ensure legal frameworks support effective technical governance

### For the Internet Governance Community

– The IGF should continue facilitating dialogue between international law experts and multi-stakeholder governance practitioners

– Internet governance organizations should explore better coordination mechanisms to address cross-cutting challenges

## Conclusion

This discussion demonstrated remarkable consensus among diverse stakeholders on the fundamental importance of multi-stakeholder governance for effective internet governance and cybersecurity. The strong agreement on collaborative approaches, international cooperation necessity, and international law relevance provides solid foundation for continued development of the multi-stakeholder model.

The session’s emphasis on building upon existing structures, combined with calls for increased state engagement with international law development, provides clear guidance for WSIS+20 discussions. The practical examples shared by speakers—from INHOPE’s cross-border cooperation to ICANN’s technical governance—demonstrate that multi-stakeholder approaches are not theoretical ideals but operational necessities for managing global internet resources effectively.

As the WSIS+20 review approaches, this discussion provides important evidence that the multi-stakeholder model enjoys broad support across stakeholder communities and can be strengthened through better integration with international law frameworks while maintaining its unique characteristics for governing global cyberspace.

Joanna Kulesza: Good afternoon, everyone. Thank you so much for joining us for this final session for today on multi-stakeholder governance and international law in cyberspace. My name is Joanna Kulesza. I’m an assistant professor of international law at the University of Lodz in Poland, and I have the privilege of directing a research center, the Lodz Cyber Hub, that researches how international law applies in cyberspace. It is my pleasure to be your on-site moderator today. I am joined today by our on-site moderator, the good spirits behind this panel, Mr. Viktor Skvarek, who will be managing our online participation. I welcome those of you who are joining us in the room and online. We have an excellent setup of speakers hosted here today by the Ministry of Digital Affairs, who’s the host for this session, and the Lodz Cyber Hub. For the purpose of time, I shall refrain from individual introductions, and I will ask our speakers to introduce themselves as they take the floor. And I will start by giving you the background for this panel. Why is it that it might be worth our while to discuss the application of international law in cyberspace during an IGF? As I’m certain you have noticed, there is an overarching theme of WSIS plus 20 input, and WSIS happening in a couple of days’ time will be the process where we decide if how we have governed cyberspace thus far through the multi-stakeholder model is indeed the way we wish to continue. As much as there is consensus, it will likely remain the way. There are also enhanced conversations around how international law could help us facilitate that model, make it more efficient, make it more inclusive, make it more predictable. And this is where our panel and our panellists come in. We will discuss broader issues of internet governance and international law. We will also look specifically into individual documents and processes that facilitate building a more resilient and sustainable cyberspace. For the opening remarks, I’m thrilled to share the floor with Mr. Maciej Groń, who’s representing the Polar Cyber Security Agency, and will give us a brief introduction from the governmental side on why it might matter to facilitate the multi-stakeholder model with international law. Sir, the floor is yours.

Maciej Gron: Thank you very much. I’m speaking on behalf of our research institute, NASK. I deal with the cyber security and I work for Polish hotline. Frankly speaking, I was trying to prepare something special, but discussing the topic of multi-stakeholder governance and international law in cyberspace has been discussed extensively, not only this IGF, but many IGFs before. So I can only say that the multi-stakeholder model is not a nice thing to have, it’s a must-have. And it’s not just a good idea, it’s a fundamental condition for our daily work. Even the best national laws are powerless if they are not required beyond borders. So from my perspective, as an attorney at law who’s working for the hotline, we are dealing with the illegal content, as you know. So there’s nothing like, you know, the national illegal content. The content is illegal content, especially the system is always international. So if the problem is international, we need the international solution. Absolutely any national regulation, which is only for one country, is absolutely not enough. But when we’re dealing with illegal content, we have really good examples, because we are not treating, you know, the regulation like traditional criminal codes or civil codes, because on the global level, it’s absolutely impossible. But we have, you know, very good standards, and we are working on the standards absolutely in the multi-stakeholder model. And we have, you know, the great institution which is called INHOPE, and also to this institution belongs 55 countries. So we have, you know, the good examples. And we are absolutely very optimistic that, you know, that this approach, multi-stakeholder approach, and international law, which we understand, you know, not, you know, like our national laws, because it’s… It’s impossible, we don’t have the international courts, which are the same like our national, so we have the good examples. The one example which I want to mention, this is for example the universal classification schema, which can standardize the content, where it’s legal, where it’s not legal. But you know the meaning of this content is always the same. And the cooperation is really very important, because for example the same material can be legal in one country and not legal in the others. Today we have discussed also the problem of deep fakes and deep notes. And this kind of materials are not legal in every country and not illegal in every country, so we have to cooperate somehow. So that’s why our standards which we have, they are helping us very much. And if someone thinks that good standards for one country is enough, I don’t think it’s true. And so I encourage everyone to cooperate with us, with our standards. And what is important, we have the very good examples, but as you know always, the regulation is not enough. So we need the people who will share this regulation and who will first of all respect these standards. But it’s very easy, the willingness is only important. So I think that when the focus is really concrete and the reason why we want to protect someone, in my case children, it’s enough to start and be efficient as much. Thank you very much.

Joanna Kulesza: Thank you. Thank you so much, Maciej. That’s a very important call for the bottom-up cooperation that we need to facilitate the multi-stakeholder approach to Internet governance, an important role for international law to play within that framework. For our panel, I’m pleased to welcome four speakers. We have a good hybrid setup, as you can see. We have some of our speakers joining online and some of them here in the room. The process for this panel shall be for our speakers to take the floor. I will kindly request them to speak for roughly 15 minutes. We have given them specific themes, which I will introduce as we progress. And then we would love to open the floor for your questions and or comments. We do have online participants. We encourage them to post their questions into the chat, clearly highlighting that that is the content of the question and to whom it might be directed. We will then read those questions out aloud. The remote participants are also encouraged to take the floor. And then we have remote mics available here for the participants in the room. So we would like to keep this session interactive, whereas we would kindly ask you to hold your questions and comments until after the presentations from our panelists. As already said, we have a wonderful setup of speakers representing different areas of where international law is being applied to cyberspace. It is my great pleasure to welcome our first speaker, Ms. Anna Podgorska-Buompane, who is representing Poland with the European Commission. Anna also is a representative of Poland within the ICANN community, and we’ve had fruitful conversations around how the work within the European Commission on internet governance and facilitating responsible state behavior in cyberspace could complement the WSIS 20 processes and the work done here within the IGF community. Anna has kindly agreed to offer a glimpse into the Polish presidency with that specific theme, and it is my great pleasure to hand the floor over to her with a brief, kind request for an introduction. Anna, the floor is yours.

Anna Podgorska-Buompane: Thank you very much, Joanna. Good afternoon, colleagues, panelists, and good afternoon to all attendees. First of all, I would like to kindly apologize because I was supposed to be on site, but due to the general strike here in Brussels, which affected basically all sectors, not only transport, the airports are closed and there are no planes taking off today, so that’s why unfortunately I had to join online. I am an employee of Polish Digital Affairs Ministry, but since many years I’ve been seconded to a Polish parent representation to the EU as the digital and cyber attaché, dealing mostly with cyber and digital diplomacy, and during Polish presidency to the European Council, I am chairing a telecom working party, focusing mostly on external relations. So, we thought that it would be a very good occasion to share our perspective on the external policies and multi-stakeholder approaches, including YSYS plus 20 review, since the presidency happens every 13 and a half years, so the next possibility for us would be indeed in so many years. So, just to very quickly sum up what we have introduced during our presidency, it’s to… have a clear view on the external relations of the EU and one of the Polish presidency priorities in the digital sphere was indeed a concentration on internet governance and multi-stakeholder processes which are currently taking place and which are indeed very, very important. So, we have worked within all 27 EU member states and we worked since the 1st of January being involved in elaborating different coordination positions, if I may only cite a couple of them. So, we have discussed EU and its member states together with the European Commission on the YSS plus 20 review. We have within the Council elaborated on different priorities but just to mention a couple of them. These are of course the issue related to straightening the IGF which is the cornerstone initiative on the IG, a human-centric and human rights-based approach, multi-stakeholder digital governance as the core of the UN system, of course straightening crisis to address the digital device and of course defending the open global free interoperable and secure internet through multi-stakeholder governance which is the really a key word for the EU but also for the Polish presidency. We have also provided the input to the ITU questionnaire on YSS plus 20 review and we have been also involved in the consultation of the scientific panel on AI and the global dialogue on AI governance. And just to also flag up that what of course going around the YSS and multi-stakeholder approach, we thought that the involvement of many different players not only member states would be very, very much important. That’s why we have also co-organized with the European Commission in April today a global multi-stakeholder high-level conference on governance of web 4.0 which the main panel was concentrated indeed on the internet governance and we had many distinguished speakers, also representatives of ICANN, governments outside of Europe and the discussion was indeed very good. Then also in Poland under the Polish presidency we have organized in May, the Conference on International Digital Partnerships and Projects, which we also discussed and mentioned the importance of internet and internet governance and the multi-stakeholder approach, also always within the view of the YSYS++20 review process. Our motto, our presidency was building the bridges, connecting the dots, making the and connecting the dots and so avoiding silos. So that’s why we thought that it’s very good also in the discussion to involve not only the experts but also diplomats. So that’s why under the umbrella of the EAS, European External Action Service, there is the digital diplomacy network present, which gathers 27 EU digital ambassadors. So we organized two on-site meetings of this DDN network. One of the teams which were discussed also among the digital ambassadors was also the YSYS++20 review. One meeting took place in Brussels, another back in Poland, in Szczecin, where we had also a good presence from EFTA countries representatives, where we could exchange of the joint approaches and understanding of the ongoing global processes. Last but not least, we have also involved with other stakeholders, very important, which was the ICANN, who kindly provided us with the workshop on internet governance. So we really had a very good turnout from the cyber attaches and telecom attaches. So I’m taking the possibility to thank you also, because I see among the panelists there is Elena, who is a representative of ICANN. And then we had also very good discussion under the roundtable, which we have organized with RIPE NCC back in Brussels on digital and cyber diplomacy, when also the YSYS processes and multi-stakeholderism was mentioned many times. So I would like to also mention that we are also willing to concentrate now, since the elements paper for the YSYS++20 review has been just published five days ago. So, and which address many issues, but also including cyber security being as a critical component to build confidence in the use of the ICT. So now we are analyzing this in details and of course, the discussion on that will follow in the council. And the other thing, which I would also mention and draw to your attention, last year in April, the European Council has asked the European Commission and the European External Action Service for the external strategy to the European Union, which has been published a couple of weeks ago. This is the joint communication from those two institutions. The document is available online and it’s public, so whoever is interested, it can be read through, but there is also indeed a very important component of internet governance in it and multi-stakeholderism. Indeed, it is also worth making familiar with that, apart of course from digital partnerships and cooperating with like-minded countries and other regions and states and organizations, the internet governance also has its place in this external EU digital strategy. Last but not least, I would like to mention also the focus, which we have towards the involvement of youth. So, not only as the country who has organized UN IGF also back in Poland, but also for the different processes and the technology importance, which are now taking place and the influence of the technology over the young people lives and the thinking perception. So, we also put a big and very important stress on that, that the young people who will be the legislators and the future policymakers, they are very important in this ecosystem to play a very active role. That’s why we also during the digital summit, which took place last week in Gdańsk, had the meeting of the very engaging, active and interested in the digital world young people with the high representative of the European Commission, Henna Birkunen. I have to say that the discussion with the executive vice president went very smoothly and it showed only how the young people, they are aware of what’s going on in the internet and how it can influence their life, including subject topics like disinformation, AI and others. So, with that, this was just a brief overview from my side. I’m sure that my other colleagues, they can deep dive on the more legal issues related to cyberspace. So, thank you very much and at the end, I will be open for any questions and comments you may have.

Joanna Kulesza: Thank you. Thank you so much, Anna. That was a very comprehensive overview of both the Polish presidency and its work around the multi-stakeholder model and support for the WSIS Plus20 as well as of the processes themselves. In your intervention, you mentioned ICANN and it is my pleasure to hand the floor over to our next speaker, Ms. Elena Pleksida, who is representing ICANN for the purpose of this conversation. Elena has a long-standing experience in both European policymaking, policy development and most recently, facilitating the cooperation between governments and the broader ICANN community. I have had the pleasure of working with Elena on multiple occasions before. It is my great honor today to welcome you to the panel, Elena. We have kindly asked you for the purpose of this panel to bridge that divide, perceived divide, between Internet governance and international law. It is one of our joint favorite topics and I know you have a very feasible, understandable way of explaining why international law might help with multi-stakeholder governance also from the technical community’s perspective. Thank you so much for finding the time and thank you so much for contributing to the discussion. It is my great pleasure to hand you the floor.

Elena Plexida: Thank you so much, Joanna. Hello to everyone. I hope you can hear me okay. pleasure of hearing Anna, another person which we have worked with fantastically not only during the past six months of the Polish presidency but also before and let me take the opportunity to thank the Polish presidency for setting up this discussion that we’re having today which I personally find very relevant as we’re moving towards the WSIS plus 20 review at the end of the year but also beyond that and also thank the presidency for the work they did on internet governance during the semester for the special care the presidency took to involve all stakeholders and really helping connecting the dots which is necessary I think if you ask me from my from my background both in policy making the classic way in European institutions but also the multi-stakeholder policy making it’s a it’s an actual absolute must so congratulations for the work you did in that in that space overall. Right on the topic at hand multi-stakeholder governance and international law. I think I would say to talk about multi-stakeholder governance and international law we first have to define if you will multi-stakeholder governance what it is that we’re talking about and see how this fits into or not it’s a discussion within the today’s international order within the Westphalian international order that we have today and we do things and then see how it interacts with international law. So let’s do that try to define what is it that we’re talking about what is this governance multi-stakeholder governance that we’re talking about and how it fits into the way we do things otherwise in the world. You know that I work for ICANN it’s been mentioned already it’s ICANN is one of the organizations that help maintain what we know as the global internet. It’s a family of technical organizations you have the IETF and the regional internet registries lots of organizations it’s not just one they do what we say they maintain the fundamentals the those that give you that the network layer of the internet hence you have a global internet. I’m not a technical person hence the way I describe it usually is that we maintain some sort of common technical language so all the machines and all the devices and the other three are in the middle of the screen. The devices that are on the Internet, they use the same language, which is unique. Because there is this uniqueness, and this same technical language, they can find each other, and that’s the way you have a global Internet. Otherwise, we would have different segments of it here, there, left, and right. So this is what we do. Now, how we do it. How we do it goes back to the multistakeholder governance. Let me correct it here. Internet is really a public resource. I said that it’s time to be corrected here, because at least to my knowledge, I’m not aware of any other public resource, or public good, if you will, that is governed the way the fundamentals of the global Internet are governed. Usually what you have is, let’s take the example of Spectrum. You have a global organization composed of governments, sitting there in their sovereign rights to do that, and make decisions about how to govern a public resource. In the case of the global Internet, the fundamentals, the identifiers of the Internet, it doesn’t work exactly that way. We have governments sitting there, but we have everyone else sitting there on an equal footing, so stakeholders such as the engineers, those that know how standards work, civil society, and others. They sit together and they make decisions collectively. The word decisions is quite important in what I’m trying to say. Multi-stakeholder governance in the case of the global Internet is decision-making. You don’t just have stakeholders there who are being consulted. There’s actual decision-making. In the case of ICANN, just to pick up on ICANN as an example, this decision-making that is done by the technical community changes things, can change things, like the very root of the Internet. You can imagine the gravity and the importance. The global Internet, the fundamentals of the Internet, they know no borders, and they should know no borders. otherwise we wouldn’t have a global internet. So you can say in one way that the governance that is applied on the global internet is consistent with the system we’re trying to govern, like it’s a global system. So also the governance, if you will, in a way it’s outside of sovereignty. By not having governments alone making the decisions, it operates in a very different way. It might be an exaggeration when I say outside sovereignty, but that’s the way I perceive it at least, just by the fact that there is no exercise of sovereign right as such. And another reason, to be honest with you, that I think, and that’s my personal take, that we have this special governance, this multi-stakeholder governance model that became the way it is today. I believe it has to do also with the point in time when the internet became what it is today. The internet grew at a point in time when we were moving from nation states to globalization, we liked each other, there was a collaborative atmosphere all over the place. And I think that this is reflected into the internet as an invention and also in its governance, which as I said before, it’s quite special, it’s left outside sovereignty in a way. Now, of course, the world is not the same place as it used to be. There are geopolitical tensions and that in itself is a topic of another panel discussion, so I will leave it here and now continue. I will only suffice to say that the multi-stakeholder governance, when it comes to the global internet, as Matsi said very nicely at the beginning, it’s not a nice to have, it’s a must have, because it enables and it protects the global internet. Now, going to the question of how multi-stakeholder governance affects or how it interferes, intervenes and interplays with international law. As I said, we have this multi-stakeholder governance where everyone is sitting around the table, it’s bottom-up decision-making. Again, I will say it is decision-making. So everything that has to do with the technical standards that run the internet is done through that one. And this is something we should always keep in mind, particularly if we are to design international law frameworks in the future. We have to remember this particularity of how the internet works and how the governance of the internet needs to work. That doesn’t mean that everything is happening in the vacuum and there’s nothing that has to do with international law, like it’s completely separate, no. We don’t have a vacuum, as I said, technical communities are there to, yes, create policies around the standards, which keep the internet stable and secure and global, but they’re not there to interpret or draft international law. International law has to be given by the actors that need to be given. It helps the policymaking of technical communities. Just to give you an example, there are issues that the technical communities are discussing, aside the standards as such, which have to do with registration of IP addresses, registration of domain names, how to uphold privacy when it comes to registration or other issues. how to enable cyber security, how to combat abusive use of domain names, which might be used in phishing, spam, what have you. Having a legal basis by international law is super important to be able to have sound policy also within the technical organizations, because imagine a situation where we have, I don’t know, one jurisdiction looking into an issue in one way and implementing a law, and in the other hand, another jurisdiction implementing the exact opposite. Then the technical community cannot, it will be a madness, they cannot put in place rules that will help. And the other way around, how the multi-stakeholder governance and policymaking would influence, if you will, impact or have some sort of impact on international law. I think I would say here that having international law being incorporated the way it needs to be, case by case, into technical community policymaking means that we sort of have a level setting for international law. It furthers its application globally. And I will again here quote Maciej, who said at the beginning, and I really like that, that laws are not good enough if they do not work beyond borders. And that I would say is something that the multi-stakeholder governance model with its global reach then furthers international law where it is applied in different policies, as Maciej said. I think I will stop here. I’m looking forward to the discussion. Thank you very much. Thank you. Back to you.

Joanna Kulesza: Thank you so much, Alina. That was most insightful and very comprehensive, as per usual. It’s the perfect framework for us to dive deeper into what international law actually means in this context. We have looked at policy development processes. We have looked at internet governance per se. And it is my pleasure to hand off the floor to our next two speakers who will focus on international law indeed. Our first speaker is Ms. Helen Popp, who is the cyber policy officer with the European External Action Service. Helen will focus on a document recently adopted at the end of last year, that is the and Mr. Lukasz Kulaga. Thank you. So, the first thing I want to highlight is the declaration of the application of international law in cyberspace adopted by EU member states. Now, this is a significant achievement, particularly because as much as different states have produced their own understandings, documents where they would identify how they read the application of international law in cyberspace, such a common understanding remained a challenge. Now, we do have that document, so if you’re looking for a one-stop shop for the European perspective on how international law applies in cyberspace, that just might be that document. But I’m thrilled to welcome Helen here, because I know there is so much more substance, both to the document and the context in which it was approved, elaborated, and the steps that will follow. I don’t mean to spoil the surprise, and I will kindly ask you, Helen, to take the floor and tell us as much as your mandate allows you. Thank you so much for joining us.

Helen Popp: Thank you very much, Anna. It’s a pleasure to join this workshop, and I regret that I’m unable to be there in person this time around, but there is always next time. Yes, as you said, I currently serve as a cyber police expert at the European External Action Service. Over the past four years, I have primarily focused on UN negotiations, particularly related to the Open-Ended Working Group on cyber issues, but I will come back to that a little bit later. So, yes, as you mentioned, in November 2024, the European Council approved a declaration by the EU and its member states on a common understanding of the application of international law to cyberspace. The declaration is not legally binding and does not affect the national positions of member states. However, it is the public common political understanding of the EU and its member states on several important legal topics. But most importantly, the declaration signals that international law remains fit for purpose in this digital domain and restates that the European Union states will obey certain rules and obligations when conducting activities in cyberspace. In that sense, the declaration is a political and diplomatic instrument, but carries legal implications. And when it comes to those legal aspects, then EU member states have agreed, first, that states have a legal obligation, not merely a political commitment, to ensure that their territories are not used for malicious cyber operations that violate the rights of other states. This duty prevents states from knowingly allowing actors to operate from or through their territories and instead requires states to engage in their best efforts to stop such conduct. In law, this is commonly referred to as the due diligence obligation. As well, together we have emphasized the application of international humanitarian law and human rights law. Additionally, we stated that in determining the threshold of use of force, the combined effects of several cyber operations can, when taken together, be comparable to a kinetic use of force. This is especially relevant in the cyber context as cyber operations are mostly part of a campaign. EU states have also recognized that states must bear legal responsibility for their unlawful conduct in cyberspace. Importantly, the EU Common Declaration sets out the various legal bases for attributing cyber operations to states. This is an important milestone as it demonstrates that states cannot escape legal responsibility when they, for example, outsource their cyber operations to other states. we reaffirm our commitment to the UN processes on cyberspace and the full applicability of international law to cyberspace. By putting forward this declaration we wanted to incentivize not only EU member states. By the time we started to work on the declaration around half of the EU member states had their national positions. Now there are quite a few more that have put forward their national positions but also encouraged all UN member states to develop and share their understandings of international law and signal that even though states might not agree on all aspects of applicability of international law to cyberspace it is still possible to agree on a set of key legal principles. To that end numerous states individually or collectively have put forward in the current open and effective working group their views on the relevant applicable rules as well as how these rules are to be interpreted in the cyber context. In conjunction with the EU 2024 declaration on a common understanding of the application of international law to cyberspace as well as the African Union common position on the application of international law in cyberspace over 100 UN member states have now individually or collectively published their position on the application of international law in cyberspace which makes a significant and encouraging milestone. It’s a completely different discussion what the current open-ended working group has produced in past four or five years but for me this one really stands out. And as a last point it’s also important to note that for us this declaration is not the end of the road. The declaration will likely be updated in the coming few years possibly maybe a little longer but the next years to come when we can agree on more points or when interpretations have evolved but I will leave it here at this point. Thank you.

Joanna Kulesza: Thank you so much Helen. It’s important to emphasize that this is the toolbox with which we’re trying to facilitate multi-stakeholder governance so all the norms that you kindly mentioned are there to ensure that the multi-stakeholder model the WSIS plus 20 and as you highlighted the further work built on the open-ended working group to zero draft the plan of action remain visible remain valid and they do support us in building this community and these bottom-up processes further. And this brings me to our last speaker Professor Lukasz Kulaga Kuwaga who’s representing the foreign ministry but also is a fellow experienced academic with a background in developing an actual national position on the application of international law in cyberspace. The question is quite simple. Why do states do that? And how does that help us keep the multi-stakeholder model safe and secure? Thank you so much for joining us, sir. The floor is yours.

Lukasz Kulaga: Thank you, Anna, and thank you for the possibility of participating in this panel. Let me also add that I’m speaking in my private capacity here. The question of application of international to cyberspace is intensively debated in the GGE and OEWG processes. Indeed, as I speak, the preliminary works on the report from 2021-2025 session of OEWG is ongoing. The purpose of my short presentation is, first of all, to advocate, particularly to states that have not yet done so, to prepare their national position on application of international law in cyberspace. And secondly, I would like to also mention other possibilities for developing international law in this area. Thus, my aim is to present possible modest steps that can be made to strengthen cybersecurity, which, as mentioned by Elena, is important for multi-stakeholder governance. So, first of all, on national statements. Poland has prepared its position in 2022 after two years of process prolonged due to the COVID epidemic and the aggression against Ukraine, and we have contributed also to the development of the common position of the EU just mentioned. I acknowledge that preparing such a public statement by a state is a challenging task for a different set of reasons. Firstly, the approach presented will affect not only the legal position of a state in a cyberspace, but also, or perhaps mostly, in a kinetic world. Secondly, outside of the courtroom or diplomatic negotiations, states are usually reluctant to present a very specific interpretation of fundamental rules of general international law. And thirdly, their inter-agency process, which usually is required for having a great national position, can be burdensome. It often requires from Ministry of Foreign Affairs lawyers to explain the potential legal consequence of the use of concrete wording to colleagues. and many others from other ministries. All of this is usually time-consuming and results often in a document of rather general than very specific character. Still, having such a position is beneficial for several reasons. They include fostering transparency of the conduct of states in cyberspace. They contribute to interpretation of international law, either treaty, customary or both. Finally, such a position adopted by a government can have also utility for several national procedures. As it usually concerns general international law applicable to all fields, not only to cyber, it can be important point of reference for any discussion and decision-making processes at domestic level. And on the second point, we have to be also aware of the limits of the developing international law through national position. Taking into account the collective position of the African Union member states, the European Union member states, we can identify around 100 states that have already presented their position either individually or collectively. The rather obvious result of this practice is at least to some extent cacophony of variety of interpretations of law. The existing different interpretations of international law offline influence approaches for its online application. Thus, I would like to draw your attention to some ideas discernible in international practice or academia that can also help to develop international law in this area. First, on the hardware aspect of cyberspace, existing international legal regimes do not adequately protect subsea data cables from international damage, nor do they effectively hold perpetrators of such a damage accountable. Thus, negotiating new instrument would be also… process still the new binding instrument even if not accepted by all states can contribute to crystallization of customary international law in this respect. Second, in the UN recent three years showed the advisory competence of International Court of Justice that is used more often to solidify international legal framework in the specific area. In particular currently ICJ is deliberating on question of General Assembly concerning obligation of states in respect of climate change. The resolution formulating the question was the first request for an ICJ advisory opinion to be adopted by a consensus. In the written proceedings 91 written comments have been filed mostly by states. Thus it is another proof that the general questions can be presented to the International Court of Justice for its explanation of existing law in a particular area. And third point also worth reflecting is referring the issue of application of international law in the use of ICTs to the International Law Commission. Already in 2008 International Law Commission working group considered whether to work on the topic Internet and international law. At that time the Commission has not decided to progress on this issue. Certainly the ILC would be an adequate forum to work on the application of international law in the use of ICTs as the topic concerns fundamental principles of international law. In accordance with article 16 and 18 of the ILC statute the General Assembly can refer to the Commission particular topics. The Commission conclusion, the potential Commission conclusion in this respect could contribute to strengthening legal framework. in this area. Thank you one more time for the possibility to participate in this panel and I’m happy to engage in discussion if there’s an interest.

Joanna Kulesza: Thank you. Thank you so much. This brings us to the end of our panel. We’ve heard a plethora of views with regards to the most recent developments on the application of international law and cyberspace on internet governance and this is the time for our audience to chime in. I warmly encourage our participants in the room to use the microphones that you have available. There’s also a roaming mic standing right there. I encourage our online participants to pose their questions in their chat or raise their hands and while you’re pondering on those questions please let me refer a few general points to our speakers. I will ask them to try and answer these scoping questions in the order of their presentations. I believe the questions to pose here obviously reflect around how the internet governance community gathered here in the room can further facilitate bridging this relationship between international law and cyberspace. We’ve heard a lot about how states are working on making sure that international law indeed is a tool to facilitate multi-stakeholder governance and the peaceful use of ICTs. It is therefore for us to try and question how that might be put into practice as we approach WSIS plus 20 and as Helen highlighted the work of the open-ended working group comes to a conclusion. I’m going to ask our speakers to think about this question or these issues but I also see a first question from our floor being addressed so I’m going to give the floor to our participants to kindly introduce yourselves sir and specify who you would like to address your question to. Please go ahead.

Audience: Thank you very much Johanna. Can you hear me? We can hear you. My name is Wouter Natwies and I represent the dynamic coalition on the internet standard security and safety here within the IGF system. I’ve heard the lady from ICANN and ICANN does all sort of decisions on security but they promote mostly DNS security so the domain name system. With the registries they mostly do routing systems so everybody is working in their own silo so that’s comment one. Then you hear the UN system working on high-level security and international law. But the attacks that happen on the internet usually happen through vulnerabilities that are inside of the devices, inside of services, inside of connections. And what my Dynamic Coalition is working on is how do we make sure that these flaws are being ended by the deployment of existing, sometimes decennial existing, new cybersecurity standards that have come into place of the old ones. So the question is why are we not addressing fundamental options to end flaws in our systems, which can be done by industry by using these standards, by deploying DNS security, routing security, building secure websites. But you can’t do that within your silo. So the question is to maybe all panelists, how do we break the silos and come together to fundamentally rebuild the security of the internet together? Because we have to do this together and it’s not a one silo solution. So that’s the question to maybe all of them. How do we get together and make sure that we make sure these flaws are ended? Thank you.

Joanna Kulesza: Thank you so much for that. It’s the perfect question because that’s precisely the purpose of this session. We’re trying to figure out how to bridge those very high-level conversations that aim towards ensuring stability and security of the network with those bottom-up processes that ICANN has managed in facilitating so successfully. Yes, I see Elena’s hand is up and it does feel like the question was primarily addressed to you and I’m happy to give you the floor, but I will give all of our panelists a chance to address that very vital and practical question. Thank you again for posing it. Elena, the floor is yours.

Elena Plexida: Thank you. That is indeed an excellent question and I do think that I might be able to provide an answer, but that’s from a perspective of one of the technical organizations and as the question really highlighted, it’s not one that has to provide an answer. It’s all of us. How are we going to get off our… and Mr. Lukasz Kulaga. Thank you, Mr. Kownacki. Thank you, Ms. Plexida. I would like to start with the technical layer of the Internet, which is where ICANN and the ITF and all of us are working. But when it comes to content, ICANN by its silos cannot get there. In answer to the question, I do agree. This is a very good point. How do we get out of our silos? Obviously, we need to find the space to have these discussions. I would like to give you an example that recently came out, not from the ICANN community, because as I said, ICANN has a very specific mission. So the community that gets together in ICANN, they’re there to make policies for the DNS. And that’s it. But players that are within ICANN, so domain name system operators and IP address operators, they came together in a forum that they created themselves with content providers. And to my knowledge, this is not a dialogue that happens that often. But I’m raising this as an example of what can be done and what can be done. And I would like to give you an example. And to my knowledge, this is not a dialogue that happens that often. And to my knowledge, this is not a dialogue that happens that often. But I’m raising this as an example of what can be done outside or further to think creatively about how to… Because, yeah, it takes all of us. It takes a village. It’s not one thing fits all. It fixes all. Like, for example, if just by promoting DNSSEC and fixing DNSSEC everywhere around the world, that doesn’t mean that we have solved all the problems that cybersecurity is doing. So I would like to give you an example. It takes a village. It’s not one thing fits all. It fixes all. Like, for example, if just by promoting DNSSEC and fixing DNSSEC everywhere around the world, that doesn’t mean that we have solved all the problems that cybersecurity is doing. We have to discuss. Thank you. I hope.

Joanna Kulesza: Thank you. Thank you so much, Elena. This is precisely where we’re having this conversation to make sure that these parallel dialogues I do wear an ICAN at-large hat on regulatory advancements. She has kindly led the work within ICAN, meeting regularly during the face-to-face ICAN sessions, updating us on all the regulation around the globe that might impact the way that the technical community facilitates and operates, and these meetings have, that past year, been happening monthly. So if you’re interested, I’m more than happy to answer questions and provide more details. I’m going to check if any of our other panellists might have an answer for Wout. I feel like he touched directly at the core of our purpose here. How do we bridge the silos? I’m going to check with our on-site, Lukasz Kulaga Maciek, Lukasz Kulaga, please, go right ahead.

Lukasz Kulaga: Thank you. So how do we get together? I would say that my experience of the discussion is rather of more macro level on the fundamental rules of international law than on standards, but what I tried to say is that I see the limits of the dialogue between states as these dialogues are also very politicised, and certainly on fundamental rules of international law, but I would guess that on those detailed technical standards, as you will, they could also be still functional. That is why in my last part of presentation, I tried to indicate that perhaps one way to go forward is to, at least to some extent, transfer the possible answers to other institutions, such as that I mentioned, for example, International Law Commission or International Court of Justice. Thank you.

Joanna Kulesza: Wonderful. Thank you very much. Maciek, please, go right ahead.

Maciej Gron: If I can add just a few words, Anna Podgórska-Bombaner has mentioned, you know, about, you know, the motto of the Polish presidency, let’s build the bridges and connect the spots. I think that it’s, I know it’s only the motto, but it’s not easy, you know, just for this on a general level to say much more, because, you know, the multi-stakeholder model is not about, you know, only the inclusiveness, it’s about effectiveness, and we cannot find, I don’t think that we cannot leave, you know, this multi-stakeholder model. It’s crucial, you know, to be still in this model. Of course, when we are discussing, you know, the things which are very specific, we have to work with professionals, not open, doesn’t mean that everyone can say everything, but this is the only reason how can we cooperate with.

Joanna Kulesza: Wonderful. Great answer. Thank you so much. I’m going to check with our, there you go. I see Helen’s hand is up, and I see Anna’s hand is up. Helen, please go right ahead, and I’m going to give the floor to Anna. I do note we have one question in the chat, I’m going to move to our remote participation moderator next. Helen, go right ahead.

Elena Plexida: Yes, thank you very much. Just to complement what was just said, that the key challenge with respect to the application of international law in cyberspace is the fact that the relevant rules of international law that regulate state conduct in cyberspace are inherently quite abstract, and therefore need to be interpreted in light of their object and purpose. The key challenge is to ensure that states interpret those rules by and large in the same manner. A challenge we face today is not so much that states’ interpretations vary significantly, but rather that too many states have thus far remained silent on this question, and therefore we do not know where they stand on those issues. Therefore, we need the trend of adopting national, regional positions. to continue, and the next logical step will be to streamline views and interpretations where very necessary. Thanks.

Joanna Kulesza: Thank you. Anna, go right ahead.

Anna Podgorska-Buompane: If I may only add, I subscribe under what was said by panelists, but I would like to also say that during the Polish presidency, cybersecurity was very high, if not saying highest on the agenda. So, indeed, we had a lot of discussion in the Council among the member states. And just to draw your attention to the fact that on the 6th of June, Telecom Council has adopted the EU blueprint to better manage European cyber crises and incidents. So, it is public, and it shows how important it is to have the special kind of guidelines to member states to enhance preparedness and detection capabilities and response to cybersecurity incidents. So, I encourage everyone to read it through. But also, what is also very much important that while speaking about some kind of the actions, it is important to stress that we cannot multiply the efforts and having the new structures, but rather to build on the existing and have them working together. So, this is just…

Joanna Kulesza: Thank you. Thank you, Anna. That’s a very relevant point. This is why we’re raising this at the IGF, an existing platform with decades of experience. That’s the appropriate way to do it. My job here today, unfortunately, is also one of a timekeeper. I am mindful of 10 minutes remaining. I have been warned that if we go over time, the lights will just go out. So, we don’t want to do that. What I’m going to do is I’m going to kindly ask our remote participation facilitator, Mr. Wiktor Skwarek, to address the question that is in the chat. So, if you could kindly take us through that query, and then I’m going to solicit the speaker. I’m going to try and find those of you who might wish to address it. Mr. Skwarek, the floor is yours.

Viktor Skvarek: Yes, we have a question online from Luke, and the question reads, how can we ensure that the governments, and in particular, law enforcement agencies, don’t attempt to circumvent the passing of international treaties by forcing private actors to abide by foreign laws and processes?

Joanna Kulesza: Thank you. That is a very interesting, very practical question. I feel like it’s a loaded question as well. There’s a little bit of politics in there. I’m not sure who of our… Elena, thank you so much. The technical community has much more freedom to discuss political implications. Please kindly take the floor.

Elena Plexida: I’m not sure it’s the freedom, or rather maybe speaking from experience. There you go. Maybe you will. The question Luke is bringing up is really relevant, and not that easy to answer. Not a straightforward answer, or might not even be effective. So, I would say, from one hand, you have to make sure that in the dialogue, or whatever it is there, before the policymaking, all the voices are heard. This goes back to the beauty and the relevance of the multi-stakeholder policymaking, or the multi-stakeholder model, or the multi-stakeholder discussions, even if we’re not talking about decision-making, but we’re talking about stakeholder consultation. So, the safeguards that the civil society or academics can bring around human rights, they’re absolutely essential, because imagine a discussion, a debate, leading up to policy that is dominated by law enforcement or by governments only. that you will only have one side of the story, so that’s one way to make sure that things not go in one direction or another direction. You need to maintain the balance. The other thing I would say is the role of the technical community there. There has to be involvement in the sense of technical experts are also needed to explain things, explain how things technically work, because we’ve seen that policymakers are rightfully so trying to address an issue, a problem that is an online problem at the content level by intervening at the technical level of the internet or intervening at the multi-stakeholder policies, which if you ask me, it’s actually not consistent with championing the multi-stakeholder approach. So if we are agile to those things and we give input, I think it’s one way to try to ensure that things do not go south. If I may, just for one more minute, I have an example to say here, which comes from the Council of Europe, I would say. Council of Europe at some point in time, pretty recently, you might recall, worked on the second additional protocol to the Budapest Convention. And that goes back to what I was saying that international law is useful for the multi-stakeholder policymaking. The multi-stakeholder policymaking is there to put policies and standards for the technical foundations of the internet. But we need a legal basis for things to happen beyond what is within our remit. The second additional protocol to the Budapest Convention gave a legal basis which had to do with operators, in case of cyber security problems, being able from one, sorry, law enforcement agencies in one jurisdiction, being able to ask for information relevant to a search from an operator that is in another jurisdiction. That is helpful. That is, that enables also the ICANN community to do things. But without a legal basis, you can’t do that. And why am I raising it as an example? Council of Europe did the whole consultation and the whole drafting of the second additional protocol. Of course, this is just one article that I mentioned is relevant to ICANN. in a way that was just putting in place what was needed to help, i.e. the legal basis, with taking extra care of not intruding the multi-stakeholder policymaking or not circumventing other rights. For anyone who has the time to look at the memorandum, sorry, the explanatory note, it gives the whole thing. But just a shout-out, and it can be done. That’s, I guess, what I’m trying to say with this example. Thank you.

Joanna Kulesza: Great, thank you so much. Again, mindful of the time, I’m just going to check if anyone wishes to chime in on that politically. Lukasz, please, go ahead.

Lukasz Kulaga: So, on the enforcing of domestic law and bypassing treaties, the one issue is that, as Helen mentioned, with respect to the cyberspace, we have only treaties on criminal cooperation. So, we have the Budapest Convention, and we have the just recently negotiated UN Cybercrime Convention. So, there are some treaties. Not all of them are enforced, but there are treaties on cooperation in these matters. But generally, I would say that the answer is of general nature. So, if a state makes an effort to enforce its domestic law, then it is up to the state of the national to protect him against this action of the third state. So, here I would come back with the sovereignty. The sovereignty can be, I understand, problematic for some elements of Internet governance. But with such a situation, it’s also the sovereignty that would protect this national not to be bound by the law of the third state. Thank you.

Joanna Kulesza: Great. Thank you. Wonderful. I think that’s the perfect summary to emphasize how the general links with the very specific, right? We do have the norms in place. Our timer has now gone into a red mode, which implies I should be wrapping this up, and I’m happy to do that. Thank you so much for taking the time to join us. Someone once told me that international law is boring. I refuse to believe that. I hope we’ve been able to convince you that there’s so much potential in those general norms and how they impact the everyday Internet usage of everyday Internet end users. Thank you for taking the time for being here and being here. All of our speakers, I am certain, are available for you to follow up with. Me, myself, personally, I’m more than happy to answer specific, detailed questions. This is what we do, both within the ICANN community and beyond. The Polish presidency has gone a long way, making sure that cybersecurity is relevant to European and international. and Mr. Maciej Kowalski, Mr. Rafał Kowalski, Ms. Anna Podgorska-Buompane, Mr. Lukasz Kulaga and Mr. Lukasz Kulaga. And with that I’ll turn it over to the ministry on behalf of our hosts here. I can add that we should avoid the simplest solution because it’s impossible to find one solution and it’s really not enough. Absolutely, that’s why we’re here at the IGF. Thank you so much to our speakers, please join me in giving them a hand. Thank you everyone. This session is adjourned.

Agreement points

Multi-stakeholder governance is essential, not optional, for effective internet governance

Speakers

– Maciej Gron
– Elena Plexida
– Anna Podgorska-Buompane

Arguments

Multi-stakeholder model is not nice-to-have but must-have for daily work

Multi-stakeholder governance protects and enables the global internet by operating outside traditional sovereignty constraints

Polish presidency prioritized internet governance and multi-stakeholder processes as cornerstone of digital diplomacy

Summary

All speakers agree that multi-stakeholder governance is a fundamental necessity rather than an optional approach for managing cyberspace and internet governance effectively

Topics

Legal and regulatory | Infrastructure | Development

International cooperation is necessary because cyber issues transcend national borders

Speakers

– Maciej Gron
– Elena Plexida
– Helen Popp

Arguments

National laws are powerless if not applied beyond borders, requiring international solutions

Multi-stakeholder governance enables global reach that furthers international law application beyond borders

Over 100 UN member states have now published positions on international law application in cyberspace

Summary

Speakers unanimously agree that cyber challenges are inherently global and require coordinated international responses that go beyond individual national approaches

Topics

Legal and regulatory | Cybersecurity

International law provides necessary framework for cyberspace governance

Speakers

– Elena Plexida
– Helen Popp
– Lukasz Kulaga

Arguments

International law provides necessary legal basis for sound technical community policymaking

EU declaration establishes common understanding that international law remains fit for purpose in digital domain

National positions on international law foster transparency and contribute to legal interpretation development

Summary

Technical and legal experts agree that international law frameworks are essential for providing legal basis and structure for effective cyberspace governance

Topics

Legal and regulatory | Cybersecurity

Building on existing structures is more effective than creating new ones

Speakers

– Anna Podgorska-Buompane
– Joanna Kulesza

Arguments

EU blueprint for cyber crisis management emphasizes building on existing structures rather than creating new ones

International law can make multi-stakeholder model more efficient, inclusive, and predictable

Summary

Speakers agree that strengthening and leveraging existing governance mechanisms is preferable to multiplying efforts through new institutional structures

Topics

Legal and regulatory | Cybersecurity

Similar viewpoints

Both speakers emphasize that effective governance requires genuine participation and decision-making power for all stakeholders, not merely consultation, particularly for addressing cross-border challenges

Speakers

– Maciej Gron
– Elena Plexida

Arguments

Illegal content and cybersecurity threats are inherently international problems needing global cooperation

Multi-stakeholder governance enables decision-making by all stakeholders on equal footing, not just consultation

Topics

Cybersecurity | Legal and regulatory

Both speakers are concerned about inappropriate government intervention and emphasize the need for proper boundaries between different levels of governance and expertise

Speakers

– Elena Plexida
– Lukasz Kulaga

Arguments

Technical expert involvement prevents inappropriate intervention at technical level for content-level problems

State sovereignty can protect nationals from enforcement of foreign domestic laws

Topics

Legal and regulatory | Infrastructure

Both legal experts emphasize the importance of clear state obligations and transparency in how international law applies to cyberspace

Speakers

– Helen Popp
– Lukasz Kulaga

Arguments

States have legal obligation for due diligence to prevent malicious cyber operations from their territories

National positions on international law foster transparency and contribute to legal interpretation development

Topics

Legal and regulatory | Cybersecurity

Unexpected consensus

Technical community and government representatives agreeing on sovereignty limitations

Speakers

– Elena Plexida
– Lukasz Kulaga

Arguments

Multi-stakeholder governance protects and enables the global internet by operating outside traditional sovereignty constraints

State sovereignty can protect nationals from enforcement of foreign domestic laws

Explanation

It’s unexpected that both a technical community representative and a government legal expert would agree on the limitations of traditional sovereignty in cyberspace, albeit from different perspectives – one seeing it as necessary for global internet function, the other as protection against overreach

Topics

Legal and regulatory | Infrastructure

Agreement on the need to break down silos across different stakeholder groups

Speakers

– Elena Plexida
– Anna Podgorska-Buompane
– Audience

Arguments

Coordination between technical organizations, content providers, and other stakeholders requires creative forum-building

Polish presidency prioritized internet governance and multi-stakeholder processes as cornerstone of digital diplomacy

Technical vulnerabilities require breaking down silos between different internet governance organizations

Explanation

Unexpected consensus emerged between technical community, government, and civil society representatives on the need to overcome organizational silos, suggesting broad recognition that current fragmented approaches are insufficient

Topics

Infrastructure | Cybersecurity | Legal and regulatory

Overall assessment

Summary

Strong consensus exists on the fundamental importance of multi-stakeholder governance, the necessity of international cooperation for cyber issues, the relevance of international law frameworks, and the preference for building on existing structures rather than creating new ones

Consensus level

High level of consensus with significant implications for legitimizing and strengthening the multi-stakeholder model as the preferred approach for internet governance, particularly as the WSIS+20 review approaches. The agreement across technical, governmental, and legal communities provides strong foundation for continued development of this governance model.

Different viewpoints

Role of sovereignty in cyberspace governance

Speakers

– Elena Plexida
– Lukasz Kulaga

Arguments

Multi-stakeholder governance protects and enables the global internet by operating outside traditional sovereignty constraints

State sovereignty can protect nationals from enforcement of foreign domestic laws

Summary

Plexida argues that effective internet governance requires operating outside traditional sovereignty constraints to maintain a global internet, while Kulaga emphasizes sovereignty’s protective role against extraterritorial enforcement of laws. This represents a fundamental tension between global governance needs and state sovereignty principles.

Topics

Legal and regulatory | Infrastructure

Unexpected differences

Scope of multi-stakeholder decision-making authority

Speakers

– Elena Plexida
– Maciej Gron

Arguments

Multi-stakeholder governance enables decision-making by all stakeholders on equal footing, not just consultation

Multi-stakeholder approach with international cooperation is fundamental condition for addressing global cyber issues

Explanation

While both strongly support multi-stakeholder governance, there’s an unexpected subtle disagreement about its scope. Plexida emphasizes actual decision-making power shared equally among all stakeholders, while Gron focuses more on professional expertise and cooperation, noting that ‘not everyone can say everything’ and emphasizing the need to work with professionals. This suggests different views on how inclusive and democratic multi-stakeholder processes should be.

Topics

Legal and regulatory | Cybersecurity

Overall assessment

Summary

The discussion shows remarkably high consensus among speakers on fundamental principles, with disagreements primarily emerging around implementation approaches rather than core goals. The main areas of disagreement involve the balance between global governance needs and state sovereignty, and the specific mechanisms for achieving multi-stakeholder coordination.

Disagreement level

Low to moderate disagreement level. The speakers demonstrate strong alignment on the necessity of multi-stakeholder governance, international cooperation, and the application of international law in cyberspace. Disagreements are primarily tactical rather than strategic, focusing on how to implement shared goals rather than questioning the goals themselves. This high level of consensus suggests a mature field with established principles, though implementation challenges remain significant.

Partial agreements

Similar viewpoints

Both speakers emphasize that effective governance requires genuine participation and decision-making power for all stakeholders, not merely consultation, particularly for addressing cross-border challenges

Speakers

– Maciej Gron
– Elena Plexida

Arguments

Illegal content and cybersecurity threats are inherently international problems needing global cooperation

Multi-stakeholder governance enables decision-making by all stakeholders on equal footing, not just consultation

Topics

Cybersecurity | Legal and regulatory

Both speakers are concerned about inappropriate government intervention and emphasize the need for proper boundaries between different levels of governance and expertise

Speakers

– Elena Plexida
– Lukasz Kulaga

Arguments

Technical expert involvement prevents inappropriate intervention at technical level for content-level problems

State sovereignty can protect nationals from enforcement of foreign domestic laws

Topics

Legal and regulatory | Infrastructure

Both legal experts emphasize the importance of clear state obligations and transparency in how international law applies to cyberspace

Speakers

– Helen Popp
– Lukasz Kulaga

Arguments

States have legal obligation for due diligence to prevent malicious cyber operations from their territories

National positions on international law foster transparency and contribute to legal interpretation development

Topics

Legal and regulatory | Cybersecurity

Key takeaways

Multi-stakeholder governance is essential (not optional) for effective internet governance and cybersecurity, enabling decision-making by all stakeholders on equal footing rather than just consultation

International law remains fit for purpose in cyberspace and provides necessary legal framework to support multi-stakeholder governance processes

Over 100 UN member states have now published positions on international law application in cyberspace, representing significant progress in building consensus

Cross-border cooperation is fundamental since cyber threats and illegal content are inherently international problems that cannot be solved by national laws alone

The EU has established a common declaration on international law in cyberspace, including due diligence obligations for states to prevent malicious operations from their territories

Technical communities require legal basis from international law to create effective policies on security, abuse prevention, and domain name management

WSIS+20 review process will determine whether the multi-stakeholder model continues as the primary framework for internet governance

Resolutions and action items

States that have not yet done so should prepare national positions on application of international law in cyberspace to increase transparency and contribute to legal interpretation

Continue trend of adopting national and regional positions on international law, with next step being to streamline views and interpretations where necessary

EU blueprint for cyber crisis management should be implemented, building on existing structures rather than creating new ones

Explore alternative mechanisms like International Court of Justice advisory opinions and International Law Commission work to advance legal framework development

Negotiate new international instruments to protect subsea data cables from intentional damage

Unresolved issues

How to effectively break down silos between different internet governance organizations to address fundamental security vulnerabilities that require coordinated response

How to prevent governments and law enforcement from circumventing international treaties by forcing private actors to comply with foreign laws and processes

How to balance state sovereignty concerns with the need for global coordination in cyberspace governance

How to ensure adequate protection of subsea data cables under existing international legal frameworks

How to address the challenge that cyber operations are mostly part of campaigns requiring combined effects analysis for use of force determinations

Suggested compromises

Use multi-stakeholder consultation processes as safeguards to prevent policy dominance by single stakeholder groups like law enforcement or governments

Build on existing structures and institutions rather than creating entirely new governance mechanisms

Maintain balance between technical expert involvement and policy-making to prevent inappropriate intervention at technical level for content-level problems

Develop creative forum-building approaches that bring together technical organizations, content providers, and other stakeholders outside traditional silos

Transfer some legal questions to established international institutions like International Court of Justice or International Law Commission when state-to-state dialogue becomes too politicized

The multi-stakeholder model is not a nice thing to have, it’s a must-have. And it’s not just a good idea, it’s a fundamental condition for our daily work. Even the best national laws are powerless if they are not required beyond borders.

Speaker

Maciej Gron

Reason

This comment reframes the entire discussion by establishing multi-stakeholder governance not as an idealistic preference but as a practical necessity. It directly connects the abstract concept of governance models to concrete operational realities, particularly in dealing with illegal content that transcends borders.

Impact

This foundational statement set the tone for the entire panel, with multiple speakers (Elena Plexida and others) later referencing and building upon this ‘must-have’ characterization. It shifted the discussion from theoretical benefits to practical imperatives.

I’m not aware of any other public resource, or public good, if you will, that is governed the way the fundamentals of the global Internet are governed… Multi-stakeholder governance in the case of the global Internet is decision-making. You don’t just have stakeholders there who are being consulted. There’s actual decision-making.

Speaker

Elena Plexida

Reason

This observation provides a crucial distinction that challenges common misconceptions about multi-stakeholder governance. By emphasizing that it involves actual decision-making rather than mere consultation, and by noting its uniqueness among global public resources, it elevates the significance of the internet governance model.

Impact

This comment deepened the analytical level of the discussion by providing a comparative framework and clarifying what multi-stakeholder governance actually entails. It influenced subsequent speakers to be more precise about the nature of governance mechanisms they were discussing.

The attacks that happen on the internet usually happen through vulnerabilities that are inside of the devices, inside of services, inside of connections… So the question is why are we not addressing fundamental options to end flaws in our systems… But you can’t do that within your silo. So the question is to maybe all panelists, how do we break the silos and come together to fundamentally rebuild the security of the internet together?

Speaker

Wouter Natwies (Audience member)

Reason

This intervention was particularly insightful because it challenged the entire panel’s approach by pointing out a fundamental disconnect between high-level governance discussions and practical security implementation. It forced speakers to confront the limitations of their respective domains and the need for cross-sector collaboration.

Impact

This question created a pivotal moment in the discussion, shifting it from theoretical frameworks to practical implementation challenges. It prompted all panelists to respond and acknowledge the silo problem, leading Elena Plexida to provide concrete examples of cross-sector collaboration and others to reflect on the limitations of their current approaches.

The key challenge is to ensure that states interpret those rules by and large in the same manner. A challenge we face today is not so much that states’ interpretations vary significantly, but rather that too many states have thus far remained silent on this question, and therefore we do not know where they stand on those issues.

Speaker

Helen Popp

Reason

This comment reframes the international law challenge from one of disagreement to one of silence and uncertainty. It’s insightful because it identifies that the primary obstacle isn’t conflicting interpretations but rather the absence of positions, which creates unpredictability in the international system.

Impact

This observation shifted the discussion toward encouraging more states to develop and publish their positions on international law in cyberspace, rather than focusing solely on harmonizing existing positions. It provided a clearer pathway forward for international cooperation.

How can we ensure that the governments, and in particular, law enforcement agencies, don’t attempt to circumvent the passing of international treaties by forcing private actors to abide by foreign laws and processes?

Speaker

Luke (Online participant)

Reason

This question introduced a critical tension between sovereignty, law enforcement needs, and private sector autonomy that hadn’t been explicitly addressed. It highlighted the potential for governments to bypass formal international legal processes through direct pressure on private entities.

Impact

This question prompted Elena Plexida to provide a detailed example from the Council of Europe’s Budapest Convention, demonstrating how international law can provide proper legal frameworks while respecting multi-stakeholder processes. It elevated the discussion to address real-world power dynamics and potential abuses.

Overall assessment

These key comments fundamentally shaped the discussion by moving it from abstract theoretical frameworks to concrete practical challenges. Maciej Gron’s opening established the practical necessity of multi-stakeholder governance, while Elena Plexida’s clarification about decision-making versus consultation provided analytical depth. The audience interventions, particularly from Wouter Natwies, forced the panel to confront the limitations of siloed approaches and address implementation gaps. Helen Popp’s insight about state silence rather than disagreement reframed the international law challenge, while Luke’s question about circumvention introduced critical power dynamics. Together, these comments created a progression from foundational concepts to practical implementation challenges, ultimately resulting in a more nuanced and actionable discussion about bridging international law and multi-stakeholder governance in cyberspace.

How do we break the silos and come together to fundamentally rebuild the security of the internet together?

Speaker

Wouter Natwies (Dynamic Coalition on Internet Standards Security and Safety)

Explanation

This addresses the critical challenge of coordinating cybersecurity efforts across different technical organizations (ICANN for DNS security, registries for routing systems, etc.) that currently work in isolation, while attacks exploit vulnerabilities across all these systems

How can we ensure that governments and law enforcement agencies don’t attempt to circumvent international treaties by forcing private actors to abide by foreign laws and processes?

Speaker

Luke (online participant)

Explanation

This raises concerns about jurisdictional overreach and the potential for governments to bypass established international legal frameworks by directly pressuring private entities to comply with foreign legal requirements

How can the internet governance community further facilitate bridging the relationship between international law and cyberspace as we approach WSIS Plus20?

Speaker

Joanna Kulesza (moderator)

Explanation

This seeks practical ways for the IGF community to contribute to integrating international law principles with multi-stakeholder governance processes in preparation for the upcoming WSIS Plus20 review

How to streamline views and interpretations of international law in cyberspace where necessary, given that too many states have remained silent on their positions?

Speaker

Helen Popp (European External Action Service)

Explanation

This addresses the challenge that while states’ interpretations don’t vary significantly, many states haven’t published their positions on how international law applies to cyberspace, creating uncertainty about global consensus

How to negotiate new binding instruments for protecting subsea data cables from international damage and holding perpetrators accountable?

Speaker

Lukasz Kulaga (Polish Foreign Ministry)

Explanation

Current international legal regimes inadequately protect critical internet infrastructure like subsea cables, requiring new legal frameworks even if not universally accepted

Whether to refer the issue of application of international law in ICT use to the International Law Commission or seek an ICJ advisory opinion?

Speaker

Lukasz Kulaga (Polish Foreign Ministry)

Explanation

These would be alternative mechanisms to develop international law in cyberspace beyond state-to-state negotiations, potentially providing authoritative legal clarification on fundamental principles